Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

SQL Injection Named Top Database Concern for SMBs in Recent Survey

GreenSQL, a company that SecurityWeek first met earlier this year during the RSA Conference, recently released the results of a poll that included more than 6,000 customers, IT administrators, DBAs, InfoSec practitioners, and consultants. The results, when focused on information security and database security, show that the majority fear SQL Injection vulnerabilities.

GreenSQL, a company that SecurityWeek first met earlier this year during the RSA Conference, recently released the results of a poll that included more than 6,000 customers, IT administrators, DBAs, InfoSec practitioners, and consultants. The results, when focused on information security and database security, show that the majority fear SQL Injection vulnerabilities.

The respondents were all in the SMB space, which is where most of the database breaches in 2011 came from, so it is natural that they are hyperaware of the threat. Thus, when 51% of them named SQL Injection attacks as a primary concern, either from external or internal sources, you could almost argue that this was expected.

Perhaps so, but SQL Injection remains the top method used by attackers in order to gain unauthorized access to data, and it has been a major attack vector for years, so awareness in situation is a lot like being close in a game of hand grenades.

In addition to SQL Injection, other data protection concerns expressed by the study’s respondents include internal threats (31%), such as unauthorized access, DBA errors, and data exposure to non-privileged users; and compliance (18%).

“In today’s environment, it isn’t a matter of whether you will be hacked, but when. Cybercriminals recognize that not only enterprises but also SMBs are especially vulnerable,” said GreenSQL CEO, Amir Sadeh.

“Databases contain the crown jewels of an organization, which means a break-in by insiders or outsiders can cost millions in fines, lawsuits, and customer attrition.”

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

A new report finds that barely 1% of all SBOMs being generated today meets the “minimum elements” defined by the U.S. government.

Application Security

A security vulnerability identified on AliExpress, the wholesale marketplace owned by the Chinese e-commerce giant Alibaba, could have been exploited by hackers to hijack...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...